Security/Features/Credential Management API

From MozillaWiki
Jump to: navigation, search



(These do not necessarily represent the views of Mozilla as a whole)


  • More secure login UI
    • Requires a Secure Context
      • This has issues with window.opener
    • Only if users notice the lack of this UI if they're getting phished
    • Unclear if it's more secure than us showing warnings on insecure login forms
  • Local: Web page never gets access to the plaintext password.
    • Credentials can only be sent to the intended origin
  • Allows cross-device automatic login without user mediation if the user chooses.
    • For a single device sites can already have long-lived cookies if they wanted.
    • This would allow clearing of cookies but still having a seamless login
    • This is most useful for multi-device scenarios since cookies aren't synced.
  • Federated: Reduces the Nascar effect where sites have logos of many Federated auth. providers (even for IdPs the user doesn't use).
    • This would work cross-device whereas local storage solutions only worked locally
  • Federated: The UA will remember (cross-device) which federated identity provider were used on a given site
  • Provides an API for sites to tell the browser to save a specific credential
    • We will still have to use heuristics on those pages as we won't know if the save API is going to be used in the future
    • Sites that want their logins saved can already do this with <form> so it doesn't really give anything new. Sites that don't want their credentials saved will still not use this.
    • Sites may start relying on this and only have credentials saved in supporting browsers.
    • This could be abused by sites to overwrite saved credentials.


  • Can make it harder for 3rd-party password managers to be involved
    • We should see if any 3rd-party password manager implements it
  • Federated Credentials help keep you in the Google Ecosystem
  • Doesn't remove the need for form heuristics in our password manager i.e. it only adds more complexity
  • Doesn't help with account registration because it doesn't collect info like names and emails (unlike RequestAutocomplete). Those will remain potentially less secure with no trusted UI.
  • Low adoption so far it seems: See
    • Should get devrel outreach to understand this